We say, 0day vulnerabilities so horrible, because in addition to the discoverer of the vulnerability, but no one else knows the existence of this loophole, which means there is no official patch related to repair.
Thus once an attacker using a network, it initiates the attack often of great sudden and devastating.
Invisible is the most terrible, and this is a real threat of 0Day.
Recently, Windows 10 will be exposed 0day vulnerabilities exist.
Found that the vulnerability is named SandboxEscaper of security researchers, or for previous unpleasant experience of communication, the threatened its "eager to sell Microsoft software vulnerabilities," leading to his Twitter account was suspended.
It is understood that new vulnerabilities are classified as local privilege escalation (LPE) vulnerability can be used by permission exploit the Task Scheduler is running on the computer to enhance the harmful code hackers.
Fortunately, a hacker can not separate into a computer exploit this vulnerability at a first time, but may be used in combination with these types of vulnerabilities.
Apart from the source code vulnerability, SandboxEscaper also released a video showing a case of this zero-day vulnerability to be attacked.
It has been tested and certified to run on Windows 32-bit system 10, and after some modifications, I believe that the vulnerability can run on all versions of Windows, it has been "backward compatible" to Windows XP and Windows Server 2003.
It is reported that Microsoft has been no advance warning of the 0day vulnerability, but now must race against time to solve this security problem, and the next patch is scheduled for release in mid-June. And during this window period, the attacker could exploit this vulnerability to attack systems around the world.
Manuscript Source: PConline